Role Description The Business Information Security Consultant provides advisory and hands-on support for security governance, risk management, and secure application development initiatives. This role supports ongoing security efforts for application implementations, third-party risk assessments, and business-facing security programs. The position interacts closely with business, technology, and security stakeholders to assess controls, facilitate risk mitigation activities, and deliver consistent security practices across multiple initiatives. Key Responsibilities - Secure by Design & SDLC Support - Support secure-by-design initiatives by evaluating security controls within application implementations. - Perform security-related SDLC activities using standardized security user stories. - Provide ongoing consultation for in-scope applications to ensure alignment with security requirements. - Assist development and project teams in understanding and applying security controls. - Risk Management & Third-Party Assessments - Conduct risk assessments and due diligence activities for third-party vendors. - Identify risks and recommend mitigation strategies aligned with organizational standards. - Support vendor risk management processes and ongoing monitoring activities. - Security Assessments & Governance Support - Support physical site security assessments on an as-needed basis. - Facilitate Security Risk Acknowledgment and Action Planning activities. - Provide ad-hoc security consultation through formal service request processes. - Ensure consistent application of security governance practices across initiatives. - Reporting & Program Visibility - Prepare and deliver monthly reports summarizing security demand, activities, and outcomes. - Track and communicate workload, trends, and key risk indicators. - Provide updates to leadership on security initiatives and risk posture. - Stakeholder Collaboration & Advisory - Partner with business, IT, and security teams to align on risk, controls, and implementation strategies. - Act as a trusted advisor for security-related decisions and risk acceptances. - Support cross-functional communication and coordination on security initiatives. Qualifications - 5 or more years of experience in information security, risk management, or security consulting. - Experience supporting secure software development life cycle activities. - Experience conducting vendor risk assessments and due diligence reviews. - Strong understanding of security controls, risk frameworks, and mitigation strategies. - Experience working directly with business and technical stakeholders. - Strong written and verbal communication skills. Preferred Qualifications - Experience supporting divestiture, integration, or transformation programs. - Familiarity with enterprise security assessment methodologies. - Experience supporting physical security assessments. - Experience working in regulated or large enterprise environments. Core Skills & Attributes - Strong analytical and risk assessment capabilities. - Ability to communicate complex security concepts to non-technical stakeholders. - Strong organizational and reporting skills. - Ability to manage multiple concurrent tasks in a demand-driven environment. - Collaborative and consultative approach to problem solving. - High attention to detail and accountability in security processes. Benefits - Competitive salary - 100% Remote - Mid–Senior Level (5 or more years of relevant experience) This is a remote position.

• Lead the design and management of cloud security controls across Google Cloud environments • Conduct security assessments to identify vulnerabilities, misconfigurations, and compliance gaps, then drive remediation efforts • Develop and maintain cloud security policies, standards, and best practices aligned with frameworks such as NIST and SOC 2 • Partner with cloud engineering, site reliability engineering, and product engineering teams to implement secure infrastructure and network changes • Support DevOps and infrastructure teams with secure deployment practices, automation, and cloud security tooling • Monitor network activity and security events, investigate threats, and respond to incidents to maintain platform integrity • Mentor team members and share guidance on cloud security strategy, tooling, and emerging risks

• Build the team, processes, and technical controls required to protect our highly sensitive patient data while navigating the intersection of HIPAA and 42 CFR Part 2. • Own the 12–24 month roadmap to achieve HITRUST Certification, ensuring that our security practices are not only effective but are measurable, auditable, and scalable. • Make our Information Security, Trust & Compliance practices a competitive differentiator for Bicycle Health.

Title: Cybersecurity Engineer (SOAR) [JOB ID 20260504] Location: Remote Department: Client Services Full-time Experienced Job Description: Phoenix Cyber is looking for Cybersecurity Engineers to join our client delivery team. This is a remote, work-from-home position with the possibility of minimal travel within the continental United States. Requirements: - Degree in a STEM related discipline and/or a minimum 5 years of experience - 2+ years of experience developing with Python - Working knowledge of scripting languages Bash and PowerShell - At least 3 years of experience in software development with COTS integration - Working knowledge of one or more programming languages such as C#, JavaScript, or Node.js - Experience in API development/consumption - Prior consulting experience Nice to have: - Demonstrated proficiency in cyber security platforms: SOAR, SIEM, IDS/IPS, DLP, WAF, Endpoint Security - Experience with SOAR tools, Swimlane, Cyber Triage, Phantom - Experience with container services (Docker, Kubernetes, etc.) - Linux administration experience - Cloud infrastructure experience (AWS, Google, or Azure) - Experience with the ELK (Elasticsearch, Logstash, Kibana) stack, Elastic Cloud on Kubernetes (ECK), Kafka, Beats, and/or Splunk - Experience using Agile methodologies - Prior government, large enterprise experience - Government security clearance Responsibilities: - Provide technical expertise and real-life experience in creating innovative solutions within the cybersecurity space - Develop and implement automations in response to security incidents - Proactively collaborating, developing, and designing security orchestrations with SMEs/engineers, vendors, and project stakeholders - Ability to navigate and adapt to a fast-paced ever-changing environment with a team of like-minded, cross-functional individuals Phoenix Cyber is a national provider of cybersecurity engineering services, operations services, sustainment services and managed security services to organizations determined to strengthen their security posture and enhance the processes and technology used by their security operations team. Phoenix Cyber is an equal opportunity employer and complies with Executive Order 11246, Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veteran's Readjustment Assistance Act (VEVRAA), all amendments to these regulations, and applicable executive orders, federal, and state regulations. Applicants are considered without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, and/or veteran status. Phoenix Cyber participates in E-Verify to confirm the employment eligibility of all newly-hired employees. To learn more about E-Verify, including your rights and responsibilities, go to https://www.e-verify.gov/